CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-24 03:55:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
16,462 Commits 31 Branches 126 Tags
11fb33fdeb942aadebcc0a4664b130f514223628
Commit Graph

858 Commits

Author SHA1 Message Date
Corey Ogburn 11fb33fdeb Add RulesetName to Rule Repos 
Fill in `rulesetName` in the rules repos of the ElastAlert and Strelka engines. These will act as an example to anybody adding their repos to these lists. The field is not required, but helps avoid collisions when managing repos as the value is used for the folder name. When not present, the final folder of the repo url is used as the rulesetName and as the folder name on disk.

Note that rulesetNames including a `/` will create extra folders in the path but the rulesetName will contain the slash, i.e. `rulesetName="joesecurity/sigma-rules"` will create the nested structure of `reposFolder/joesecurity/sigma-rules" containing the contents of the repo. All rules imported from this repo will have the ruleset of `joesecurity/sigma-rules`.
 2025-05-19 14:19:56 -06:00
Josh Brower 9022dc24fb Add Parsing for Playbooks 2025-05-14 13:19:50 -06:00
Corey Ogburn 78b7068638 Playbook Settings 
Map a folder from the manager's soc config folder to soc's sensoroni folder for storing the playbook repo.

Added playbook module section with default values.
 2025-05-14 13:19:49 -06:00
Doug Burks a8cb18bb2e Update defaults.yaml to replace remaining instances of identity_id with user.name 2025-05-08 09:09:26 -04:00
Josh Brower d47a798645 Show user.name instead of id 2025-05-07 11:17:00 -04:00
Jason Ertel 1ecf2b29fc update default actions for subgrid support 2025-05-06 13:56:16 -04:00
Jason Ertel 3b447b343f fix typo 2025-04-17 11:51:45 -04:00
Jason Ertel d0375d3c7e fix typo 2025-04-17 11:51:21 -04:00
Jason Ertel b607689993 improve regex 2025-04-17 11:47:52 -04:00
Jason Ertel 8f1e528f1c improve regex 2025-04-17 11:09:39 -04:00
Jason Ertel 366e39950a subord annotations; ensure node reboots occur in background 2025-04-16 15:55:16 -04:00
Jason Ertel b99bb0b004 support options field on actions 2025-04-04 11:19:30 -04:00
Jason Ertel 9c455badb9 support background actions via config UI 2025-04-03 13:08:44 -04:00
Jason Ertel 1236c8c1f2 support pcap imports for sensors in distributed grids 2025-03-21 10:34:55 -04:00
Jason Ertel ad8f3dfde7 use specified role on new user add 2025-03-17 14:55:40 -04:00
Jason Ertel 2af05b9a23 switch back to colon for better clarity 2025-03-07 08:24:19 -05:00
Doug Burks 3037dc7c38 Update soc_soc.yaml to fix previous change 2025-03-07 07:13:27 -05:00
Mike Reeves 14e95f4898 Update soc_soc.yaml 2025-03-06 21:01:45 -05:00
Mike Reeves bad0031829 Update soc_soc.yaml 2025-03-06 20:58:23 -05:00
Mike Reeves 03ebc2d86e Add Actions 2025-03-05 15:58:10 -05:00
Mike Reeves 3021ed5d36 Add Actions 2025-03-05 15:56:26 -05:00
Mike Reeves b51aa56e86 Some things I thought were bools are not bools 2025-03-05 15:15:26 -05:00
Mike Reeves b01fb733a9 Some things I thought were bools are not bools 2025-03-05 14:56:26 -05:00
Mike Reeves c7c6d3e556 Merge branch '2.4/dev' of github.com:Security-Onion-Solutions/securityonion into truefalse 2025-03-05 13:21:21 -05:00
Corey Ogburn 21a64b6c1d Add Client Parameter 
Add groupItemsPerPage so detections groupby tables have proper default value for page size.
 2025-03-05 09:43:21 -07:00
Doug Burks c6c67f4d06 FEATURE: Add sankey chart to Elastic Agent API dashboard to show relationship between process.name and process.Ext.api.name #14339 2025-03-05 06:31:16 -05:00
Jason Ertel 85450693a2 Merge branch '2.4/dev' into jertel/wip 2025-03-04 10:55:29 -05:00
Jason Ertel 0047246cf2 reduce stdout verbosity 2025-03-04 10:55:12 -05:00
Doug Burks 44535cba8c FIX: Elastic Agent Security Events dashboard should reference user.effective.name #14325 2025-03-04 06:46:56 -05:00
Doug Burks e53f4fd1f1 Update defaults.yaml to quote the process.entity_id value 2025-03-02 05:54:30 -05:00
Mike Reeves 2ffaf2f601 Add hunt queries 2025-02-27 12:42:03 -05:00
Mike Reeves 4696152f78 Add hunt queries 2025-02-27 12:31:51 -05:00
Mike Reeves a0944f8359 Add hunt queries 2025-02-27 12:17:57 -05:00
Mike Reeves 1fdbe987b8 Add hunt queries 2025-02-27 12:15:37 -05:00
Mike Reeves 40303c2d78 Add hunt queries 2025-02-27 12:10:59 -05:00
Mike Reeves 4b5048bd80 Add hunt queries 2025-02-27 11:57:57 -05:00
Mike Reeves 9d31050907 roll back SOC changes 2025-02-27 11:32:59 -05:00
Mike Reeves e930d1dec6 roll back SOC changes 2025-02-27 11:28:06 -05:00
Mike Reeves 1d3bae4a7a Add additional entries for actions 2025-02-27 11:15:51 -05:00
Mike Reeves d950e4ebb3 Add additional entries for actions 2025-02-27 11:11:56 -05:00
Mike Reeves 3ba82bd5a4 Fix actions 2025-02-27 11:04:47 -05:00
Mike Reeves 6c00cdd726 Fix healthlink 2025-02-26 16:15:00 -05:00
Mike Reeves 8bc500e4da soc 2025-02-26 14:16:42 -05:00
Mike Reeves 25217c3262 soc 2025-02-26 14:14:25 -05:00
Mike Reeves 0c2797ecdc soc 2025-02-26 13:49:30 -05:00
Mike Reeves 101f6e744a sensoroni 2025-02-26 13:44:35 -05:00
Mike Reeves c5e0b8a42e sensoroni 2025-02-26 13:40:24 -05:00
Mike Reeves 2bc2e86b01 actions 2025-02-26 13:36:16 -05:00
Mike Reeves 6fec217068 actions 2025-02-26 13:34:32 -05:00
Jason Ertel 9dafa062f8 annotation/config updates 2025-02-25 17:00:41 -05:00